Created https://github.com/openshift/openshift-ansible/pull/8403
Fix is available in openshift-ansible-3.9.30-1
Verify this bug with openshift-ansible-3.9.31-1.git.34.154617d.el7.noarch.rpm. During 3.7 to 3.9 upgrade, when etcd redeploy-certificates.yml is called, it could backup etcd certs and generate new cert files correctly. Copy file steps: TASK [etcd : file] ********************************************************************************************************************************************************** changed: [qe-gpei-rpm37-master-1.0618-2lg.qe.rhcloud.com -> qe-gpei-rpm37-etcd-1.0618-2lg.qe.rhcloud.com] => {"changed": true, "dest": "/etc/etcd/generated_certs/openshift-master-qe-gpei-rpm37-master-1/master.etcd-ca.crt", "failed": false, "gid": 0, "group": "root", "mode": "0644", "owner": "root", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 1895, "src": "/etc/etcd/ca/ca.crt", "state": "hard", "uid": 0} ... TASK [etcd : file] ********************************************************************************************************************************************************** changed: [qe-gpei-rpm37-etcd-1.0618-2lg.qe.rhcloud.com -> qe-gpei-rpm37-etcd-1.0618-2lg.qe.rhcloud.com] => {"changed": true, "dest": "/etc/etcd/generated_certs/etcd-qe-gpei-rpm37-etcd-1/ca.crt", "failed": false, "gid": 0, "group": "root", "mode": "0644", "owner": "root", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 1895, "src": "/etc/etcd/ca/ca.crt", "state": "hard", "uid": 0}